Add sandbox_add_mount_pair support to docker sandbox The flag --sandbox_add_mount_pair allows multiple 'source:target' pairs to be added to the Linux sandbox. The docker sandbox should support this as well. Closes #9175. PiperOrigin-RevId: 264592536

commit: 850a301b173ce12f0f3f20a0d303efb22add9d18 [log] [tgz]
author: Matt Mukerjee <mukerjee@nefeli.io> Wed Aug 21 06:06:59 2019 -0700
committer: Copybara-Service <copybara-worker@google.com> Wed Aug 21 06:07:46 2019 -0700
tree: ce294dcb9cbe8c6de46a449a3e59a02bfc5eb2a5
parent: 5fc91a75082d5015654160d43c168e5eb74fe2ae [diff]
diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DockerCommandLineBuilder.java b/src/main/java/com/google/devtools/build/lib/sandbox/DockerCommandLineBuilder.java
index db8c5c8..9f90209 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DockerCommandLineBuilder.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DockerCommandLineBuilder.java

@@ -16,6 +16,7 @@
 
 import com.google.common.base.Preconditions;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.devtools.build.lib.runtime.ProcessWrapperUtil;
 import com.google.devtools.build.lib.vfs.Path;
 import com.google.devtools.build.lib.vfs.PathFragment;
@@ -39,6 +40,7 @@
   private int gid;
   private String commandId;
   private boolean privileged;
+  private List<Map.Entry<String, String>> additionalMounts;
 
   public DockerCommandLineBuilder setProcessWrapper(Path processWrapper) {
     this.processWrapper = processWrapper;
@@ -111,6 +113,12 @@
     return this;
   }
 
+  public DockerCommandLineBuilder setAdditionalMounts(
+      List<Map.Entry<String, String>> additionalMounts) {
+    this.additionalMounts = additionalMounts;
+    return this;
+  }
+
   public List<String> build() {
     Preconditions.checkNotNull(sandboxExecRoot, "sandboxExecRoot must be set");
     Preconditions.checkState(!imageName.isEmpty(), "imageName must be set");
@@ -138,6 +146,12 @@
         "-v", sandboxExecRoot.getPathString() + ":" + execRootInsideDocker.getPathString());
     dockerCmdLine.add("-w", execRootInsideDocker.getPathString());
 
+    for (ImmutableMap.Entry<String, String> additionalMountPath : additionalMounts) {
+      final String mountTarget = additionalMountPath.getValue();
+      final String mountSource = additionalMountPath.getKey();
+      dockerCmdLine.add("-v", mountSource + ":" + mountTarget);
+    }
+
     StringBuilder uidGidFlagBuilder = new StringBuilder();
     if (uid != 0) {
       uidGidFlagBuilder.append(uid);

diff --git a/src/main/java/com/google/devtools/build/lib/sandbox/DockerSandboxedSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/sandbox/DockerSandboxedSpawnRunner.java
index 920af5a..773c17e 100644
--- a/src/main/java/com/google/devtools/build/lib/sandbox/DockerSandboxedSpawnRunner.java
+++ b/src/main/java/com/google/devtools/build/lib/sandbox/DockerSandboxedSpawnRunner.java

@@ -242,6 +242,7 @@
         .setImageName(customizedImageName)
         .setCommandArguments(spawn.getArguments())
         .setSandboxExecRoot(sandboxExecRoot)
+        .setAdditionalMounts(getSandboxOptions().sandboxAdditionalMounts)
         .setPrivileged(getSandboxOptions().dockerPrivileged)
         .setEnvironmentVariables(environment)
         .setKillDelay(timeoutKillDelay)
commit	850a301b173ce12f0f3f20a0d303efb22add9d18	[log] [tgz]
author	Matt Mukerjee <mukerjee@nefeli.io>	Wed Aug 21 06:06:59 2019 -0700
committer	Copybara-Service <copybara-worker@google.com>	Wed Aug 21 06:07:46 2019 -0700
tree	ce294dcb9cbe8c6de46a449a3e59a02bfc5eb2a5
parent	5fc91a75082d5015654160d43c168e5eb74fe2ae [diff]